The Latest 45 Security breaches Worldwide – Week 19, 2019

45 Security breaches Worldwide – Week 19, 2019

Be informed about the latest 45 Security breaches Worldwide, identified and reported publicly during Week 19, 2019. Security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases.

Here is a technical explanation of how Facebook intentionally circumvented its own privacy controls to share data with its partners and how apps can make tons of cash selling this supposedly private data.

Along the way, the company took advantage of regulators’ ignorance of its technology to sell your data by ignoring everyone’s sharing settings. “Zuckerberg calling for a new era of true data portability is no different from the meth dealer demanding the keys to the drug locker.” Deceit By Design: Zuck’s Dirty Secret He Doesn’tWant You To Know

A new malware encyclopedia is now out from CheckPoint devoted just to MacOS exploits.

You can dig deeper into how the code works, links to signatures, events and samples. This should finally put to rest that Macs are immune from malware. macOS Malware Encyclopedia

Coinminers are still very much with us, even though one of the major players, Coinhive, was taken down in March.

Researchers are still seeing remnants of its malware code on tens of thousands of computers, trying to phone home unsuccessfully. Coinhive’s major competitor, CryptoLoot, is still active with 1 million daily requests across the Internet. Cryptojacking in the post-Coinhive era

More than 50,000 customers of SAP are open to attack, according to researchers.

Barracuda researchers have revealed a startling rise in account takeover.

A recent analysis of account-takeover attacks targeted at Barracuda customers found that 29 percent of organizations had their Office 365 accounts compromised by hackers in March 2019. More than 1.5 million malicious and spam emails were sent from the hacked Office 365 accounts in that one month! Threat Spotlight: Account Takeover

It appears the “backdoor” to Huawei routers is nothing more than telnet.

Implementations of several versions of OpenPGP and S/MIME have vulnerabilities in their email signature verification code that could allow for spoofing of the messages.

A team of German academic researchers found five different attack methods among 14 different email clients. They label the effort “Johnny You Are Fired” and propose a series of mitigations, most of which have already been implemented by the email vendors. Artifacts for the USENIX publication

Malware is more frequently designed to detect and evade sandboxes, which are often used by researchers.

It contains information on more than 2,000 confirmed data breaches seen during 2018, taken from more than 70 different reporting sources and analyzing more than 40,000 separate security incidents. 2019 Data Breach Investigations Report (pdf)

Hackers were able to steal the equivalent of $45M+ from the Binance cryptocurrency exchange.

The bitcoins were removed by phishing and malware, and the company pledged it would reimburse the rightful account owners. This blog post announced a temporary suspension of deposits and withdrawals (but not trading), explains what happened and how the exchange is dealing with the theft. Binance Security Breach Update

The city of Baltimore, Maryland suffered a RobbinHood ransomware attack on May 7 that knocked out the majority of city servers and some government applications.

ISPsystem is a web-based control panel used by numerous hosting providers and their customers.

Researchers found several bugs that could allow hackers to hijack sessions and take control over a user’s websites. The company fixed the problem and issued a patch with v.5.178.2, and users should upgrade. Vulnerabilities in ISPsystem

WordPress is releasing a new version today that will include screening for supply-chain attacks, which are on the rise.

the median number of days to discover an external cyber intrusion dropped from 83 days in 2017 to 55 days in 2018.

According to a new report from Trustwave. While that is good news, the evidence of some attackers wasn’t found for more than a year. And to make matters worse, the portion of all incoming email that was spam rose from a third of all messages in 2017 to close to 90% last year. 2019 Trustwave Global Security Report (pdf)

Malware writers are using various cloud services to hide their command infrastructure and code.

This post summarizes two of these methods nicely. For example, tech support scams are being hosted on IaaS object stores, using arbitrary host names to make them harder to spot. And G Docs are being used to create phishing templates and hide the malicious URLs behind them. This means defenders will have to up their game on content filtering and use better analysis to figure these ploys out. Old Scams Getting New Life in the Cloud

Chrissy Morgan has posted the recording of an hour-long talk on responsible disclosures she recently gave at Le Tour Du Hack.

She discusses the context of some significant disclosures and what researchers did correctly and incorrectly. Le Tour Du Hack 2019: The Good, The Bad And The Ugly Of Responsible Disclosure – Chrissy Morgan

The U.S. Global Positioning System, part of a network of global navigation satellite systems (GNSS), is vulnerable to attacks that could disrupt many industries. Here’s how it works and what you can do to mitigate its risk. What is GPS spoofing? And how you can defend against it

Ransomware is now so common that it is even a subject of a segment on this week’s 60 Minutes.

But a new ploy is leveraging Git-based services that replace various source code repositories with a ransom note. Poor password hygiene is the cause. The files aren’t deleted– just their headers– and can be restored. Almost 400 projects have been affected so far. A hacker is wiping Git repositories and asking for a ransom

Attackers are using shell_exec function to kick off Cron jobs to add malware backdoors.

What is intriguing about this attack is that the hackers are storing their commands in a DNS TXT record. Cronjob Backdoors

Do you have any concerns with Security breaches? Leave your thoughts in the comments below!

Related Posts

19 Security breaches Worldwide – Week 23, 2019 Be informed about the latest 19 Security breaches Worldwide, identified and reported publicly during Week 23, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases. Do you have…

5 Security breaches Worldwide – Week 31, 2019 Be informed about the latest 5 Security breaches Worldwide, identified and reported publicly during Week 31, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases. Do you have…

18 Security breaches Worldwide – Week 22, 2019 Be informed about the latest 18 Security breaches Worldwide, identified and reported publicly during Week 22, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases. Do you have…

27 Security breaches Worldwide – Week 16, 2019 Be informed about the latest 27 Security breaches Worldwide, identified and reported publicly during Week 16, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases. Do you have…

7 Security breaches Worldwide – Week 21, 2019 Be informed about the latest 7 Security breaches Worldwide, identified and reported publicly during Week 21, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases. Do you have…

22 security breaches Worldwide – Week 14, 2019 Be informed about the latest 22 Security breaches Worldwide, identified and reported publicly during Week 14, 2019. As these security-related breaches have a severe negative impact on your business, consider a security AUDIT to prevent any similar cases. Do you have…

28 Security breaches Worldwide – Week 17, 2019 Be informed about the latest 28 Security breaches Worldwide, identified and reported publicly during Week 17, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases. Do you have…

9 Security breaches Worldwide – Week 30, 2019 Be informed about the latest 9 Security breaches Worldwide, identified and reported publicly during Week 30, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases. Do you have…

17 Security breaches Worldwide – Week 26, 2019 Be informed about the latest 17 Security breaches Worldwide, identified and reported publicly during Week 26, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases. Do you have…

25 Security breaches Worldwide – Week 12, 2019 Be informed about the latest 25 Security breaches Worldwide, identified and reported publicly during Week 12, 2019. As these security-related breaches have a severe negative impact on your business, consider a security AUDIT to prevent any similar cases. Do you have…

10 Security breaches Worldwide – Week 27, 2019 Be informed about the latest 10 Security breaches Worldwide, identified and reported publicly during Week 27, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases. Do you have…

17 Security breaches Worldwide – Week 29, 2019 Be informed about the latest 17 Security breaches Worldwide, identified and reported publicly during Week 29, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases. Do you have…

13 Security breaches Worldwide – Week 33, 2019 Be informed about the latest 13 Security breaches Worldwide, identified and reported publicly during Week 33, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases. Do you have…

15 Security breaches Worldwide – Week 18, 2019 Be informed about the latest 15 Security breaches Worldwide, identified and reported publicly during Week 18, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases. Do you have…

11 Security breaches Worldwide – Week 32, 2019 Be informed about the latest 11 Security breaches Worldwide, identified and reported publicly during Week 32, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases. Do you have…